com.gemstone.gemfire.security
Interface AccessControl

Specifies the interface to authorize operations at the cache or region level
for clients or servers. Implementations should register the name of the static
creation function as the security-client-accessor system
property, uniformly on all the servers in the distributed system, for client
authorization. When the security-client-accessor-pp property
is set, the callback it names is invoked after the operation completes
successfully and when sending notifications.
Once the registration has been done for a client/peer, an object of this
class is created for each connection from the client/peer and the
authorizeOperation method is invoked before/after each operation.

init

Initialize the callback for a client/peer having the given principal.
This is invoked when a new connection from a client/peer is created with
the host. The callback is expected to store authentication information of
the given principal for the different regions for maximum efficiency when
invoking authorizeOperation in each operation.

Parameters:

principal - the principal associated with the authenticated client or
peer; a null principal implies an unauthenticated client
which should be handled properly by implementations

remoteMember - the DistributedMember object for the remote
authenticated client or peer

cache - reference to the cache object

Throws:

NotAuthorizedException - if some exception condition happens during the
initialization; in such a case all subsequent client
operations on that connection will throw
NotAuthorizedException

authorizeOperation

Check if the given operation is allowed for the cache/region.
This method is invoked for each cache- and region-level operation. It is,
therefore, expected that, as far as possible, the relevant information has
been cached in the init call made when the connection was
established, so that this call is as quick as possible.

context - When invoked before the operation, the context holds the data
required by the operation. When invoked as a post-process filter, it
contains the result of the operation. The method may modify the data in
the context.
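
The init and authorizeOperation contracts described above, as an added example that is not part of the GemFire documentation or code base: a deny-by-default pre-operation accessor that resolves the principal's grants once in init and treats a null principal as having no grants. The class name, the policy table and the region path format are assumptions made for illustration.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import com.gemstone.gemfire.cache.Cache;
import com.gemstone.gemfire.cache.operations.OperationContext;
import com.gemstone.gemfire.distributed.DistributedMember;
import com.gemstone.gemfire.security.AccessControl;
import com.gemstone.gemfire.security.NotAuthorizedException;

public class RegionAclAccessControl implements AccessControl {
  // Constructed sample policy: principal name -> region path -> "r" or "rw".
  private static final Map<String, Map<String, String>> POLICY =
      new HashMap<String, Map<String, String>>();
  static {
    POLICY.put("reporting", Collections.singletonMap("/orders", "r"));
    POLICY.put("orderService", Collections.singletonMap("/orders", "rw"));
  }
  // Grants for this connection, resolved once in init(); empty means deny all.
  private Map<String, String> grants = Collections.emptyMap();

  // Static creation function; its fully qualified name is the value
  // registered as the security-client-accessor property.
  public static AccessControl create() {
    return new RegionAclAccessControl();
  }

  public void init(Principal principal, DistributedMember remoteMember, Cache cache)
      throws NotAuthorizedException {
    if (principal == null) {
      return; // unauthenticated client: keep the empty grant set
    }
    Map<String, String> found = POLICY.get(principal.getName());
    if (found == null) { // fail closed: every later operation is rejected
      throw new NotAuthorizedException("no policy for " + principal.getName());
    }
    grants = found;
  }

  public boolean authorizeOperation(String regionName, OperationContext context) {
    String mode = grants.get(regionName); // map lookup only, no I/O per operation
    if (mode == null) {
      return false; // unknown region, or no region at all
    }
    if (context.getOperationCode().isGet()) {
      return true; // "r" and "rw" both allow reads
    }
    return context.getOperationCode().isPut() && "rw".equals(mode);
  }

  public void close() {
    grants = Collections.emptyMap();
  }
}
```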